Changeset 252511 in webkit


Timestamp:
Nov 15, 2019 4:05:01 PM (4 years ago)
Author:
jer.noble@apple.com
Message:

CRASH in SourceBuffer::removeCodedFrames()
https://bugs.webkit.org/show_bug.cgi?id=204248

Reviewed by Eric Carlson.

Speculative fix for rare crash. It's possible that the startTime and endTime inputs to
removeCodedFrames() are out-of-order, which could lead to iterating off the end of the
SampleMap. Verify that startTime < endTime and bail out early if not true.

  • Modules/mediasource/SourceBuffer.cpp:
    (WebCore::SourceBuffer::removeCodedFrames):

Location:
trunk/Source/WebCore
Files:
2 edited

  • trunk/Source/WebCore/ChangeLog

    r252504 r252511  
     12019-11-15  Jer Noble  <jer.noble@apple.com>
     2
     3        CRASH in SourceBuffer::removeCodedFrames()
     4        https://bugs.webkit.org/show_bug.cgi?id=204248
     5
     6        Reviewed by Eric Carlson.
     7
     8        Speculative fix for rare crash. It's possible that the startTime and endTime inputs to
     9        removeCodedFrames() are out-of-order, which could lead to iterating off the end of the
     10        SampleMap. Verify that startTime < endTime and bail out early if not true.
     11
     12        * Modules/mediasource/SourceBuffer.cpp:
     13        (WebCore::SourceBuffer::removeCodedFrames):
     14
    1152019-11-14  Ryosuke Niwa  <rniwa@webkit.org>
    216
  • trunk/Source/WebCore/Modules/mediasource/SourceBuffer.cpp

    r251244 r252511  
    802802    DEBUG_LOG(LOGIDENTIFIER, "start = ", start, ", end = ", end);
    803803
     804    ASSERT(start < end);
     805    if (start >= end)
     806        return;
     807
    804808    // 3.5.9 Coded Frame Removal Algorithm
    805809    // https://dvcs.w3.org/hg/html-media/raw-file/tip/media-source/media-source.html#sourcebuffer-coded-frame-removal
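Review bot: the `ASSERT(start < end);` on the first added line fires in debug builds on exactly the input that the following `if (start >= end) return;` is meant to tolerate, so a debug build will still crash on the out-of-order case this commit describes as a speculative fix, and a debug-build reproducer would be lost to the assertion rather than exercising the guard. Since the commit message says the inputs can arrive out of order from the caller, consider dropping the ASSERT, or keeping only the early return and logging the condition at a higher level than the existing `DEBUG_LOG(LOGIDENTIFIER, "start = ", start, ", end = ", end);` so the hypothesis can be confirmed from field logs instead of being silently absorbed by the return. The `>=` also returns early for start == end, which is consistent with an empty removal range, so that case needs no further handling.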